mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-13 13:25:37 +00:00
Bug 1107525 - Fix corner case of in-place debug mode bailout and SPS pseudo frame popping. (r=jandem)
This commit is contained in:
parent
7412acaf8c
commit
9729dce1ba
9
js/src/jit-test/tests/debug/bug1107525.js
Normal file
9
js/src/jit-test/tests/debug/bug1107525.js
Normal file
@ -0,0 +1,9 @@
|
||||
// |jit-test| error: InternalError
|
||||
enableSPSProfiling();
|
||||
var g = newGlobal();
|
||||
g.parent = this;
|
||||
g.eval("new Debugger(parent).onExceptionUnwind = function () { hits++; };");
|
||||
function f() {
|
||||
var x = f();
|
||||
}
|
||||
f();
|
@ -181,7 +181,7 @@ uint32_t
|
||||
jit::ExceptionHandlerBailout(JSContext *cx, const InlineFrameIterator &frame,
|
||||
ResumeFromException *rfe,
|
||||
const ExceptionBailoutInfo &excInfo,
|
||||
bool *overrecursed)
|
||||
bool *overrecursed, bool *poppedLastSPSFrameOut)
|
||||
{
|
||||
// We can be propagating debug mode exceptions without there being an
|
||||
// actual exception pending. For instance, when we return false from an
|
||||
@ -196,9 +196,8 @@ jit::ExceptionHandlerBailout(JSContext *cx, const InlineFrameIterator &frame,
|
||||
JitFrameIterator iter(jitActivations);
|
||||
|
||||
BaselineBailoutInfo *bailoutInfo = nullptr;
|
||||
bool poppedLastSPSFrame = false;
|
||||
uint32_t retval = BailoutIonToBaseline(cx, bailoutData.activation(), iter, true,
|
||||
&bailoutInfo, &excInfo, &poppedLastSPSFrame);
|
||||
&bailoutInfo, &excInfo, poppedLastSPSFrameOut);
|
||||
|
||||
if (retval == BAILOUT_RETURN_OK) {
|
||||
MOZ_ASSERT(bailoutInfo);
|
||||
|
@ -209,7 +209,7 @@ class ExceptionBailoutInfo
|
||||
uint32_t ExceptionHandlerBailout(JSContext *cx, const InlineFrameIterator &frame,
|
||||
ResumeFromException *rfe,
|
||||
const ExceptionBailoutInfo &excInfo,
|
||||
bool *overrecursed);
|
||||
bool *overrecursed, bool *poppedLastSPSFrameOut);
|
||||
|
||||
uint32_t FinishBailoutToBaseline(BaselineBailoutInfo *bailoutInfo);
|
||||
|
||||
|
@ -412,7 +412,7 @@ CloseLiveIterator(JSContext *cx, const InlineFrameIterator &frame, uint32_t loca
|
||||
|
||||
static void
|
||||
HandleExceptionIon(JSContext *cx, const InlineFrameIterator &frame, ResumeFromException *rfe,
|
||||
bool *overrecursed)
|
||||
bool *overrecursed, bool *poppedLastSPSFrameOut)
|
||||
{
|
||||
RootedScript script(cx, frame.script());
|
||||
jsbytecode *pc = frame.pc();
|
||||
@ -444,7 +444,8 @@ HandleExceptionIon(JSContext *cx, const InlineFrameIterator &frame, ResumeFromEx
|
||||
// to the stack depth at the snapshot, as we could've thrown in the
|
||||
// middle of a call.
|
||||
ExceptionBailoutInfo propagateInfo;
|
||||
uint32_t retval = ExceptionHandlerBailout(cx, frame, rfe, propagateInfo, overrecursed);
|
||||
uint32_t retval = ExceptionHandlerBailout(cx, frame, rfe, propagateInfo, overrecursed,
|
||||
poppedLastSPSFrameOut);
|
||||
if (retval == BAILOUT_RETURN_OK)
|
||||
return;
|
||||
}
|
||||
@ -486,7 +487,8 @@ HandleExceptionIon(JSContext *cx, const InlineFrameIterator &frame, ResumeFromEx
|
||||
// Bailout at the start of the catch block.
|
||||
jsbytecode *catchPC = script->main() + tn->start + tn->length;
|
||||
ExceptionBailoutInfo excInfo(frame.frameNo(), catchPC, tn->stackDepth);
|
||||
uint32_t retval = ExceptionHandlerBailout(cx, frame, rfe, excInfo, overrecursed);
|
||||
uint32_t retval = ExceptionHandlerBailout(cx, frame, rfe, excInfo, overrecursed,
|
||||
poppedLastSPSFrameOut);
|
||||
if (retval == BAILOUT_RETURN_OK)
|
||||
return;
|
||||
|
||||
@ -742,7 +744,8 @@ HandleException(ResumeFromException *rfe)
|
||||
bool invalidated = iter.checkInvalidation(&ionScript);
|
||||
|
||||
for (;;) {
|
||||
HandleExceptionIon(cx, frames, rfe, &overrecursed);
|
||||
bool poppedLastSPSFrame = false;
|
||||
HandleExceptionIon(cx, frames, rfe, &overrecursed, &poppedLastSPSFrame);
|
||||
|
||||
if (rfe->kind == ResumeFromException::RESUME_BAILOUT) {
|
||||
if (invalidated)
|
||||
@ -764,6 +767,11 @@ HandleException(ResumeFromException *rfe)
|
||||
if (frames.more())
|
||||
popSPSFrame = false;
|
||||
|
||||
// Don't pop the last SPS frame if it's already been popped by
|
||||
// bailing out.
|
||||
if (poppedLastSPSFrame)
|
||||
popSPSFrame = false;
|
||||
|
||||
// When profiling, each frame popped needs a notification that
|
||||
// the function has exited, so invoke the probe that a function
|
||||
// is exiting.
|
||||
|
Loading…
Reference in New Issue
Block a user